Revealing source code should not be a security problem. Open source is not less secure than closed source. If enough non-evil eye pairs read it and responsibly disclose their findings at least.
However, storing database passwords or password hashes in git (at least inside the same repo) is a major design flaw.
I highly doubt this is a off the shelf Wordpress install. In fact, a standard WP is not > 1gb of data, which the post describes.
There will be a massive amount of customization, so revealing source code probably is a security risk. Iām willing to bet a competent code auditor could find secondary vulns in that code.
However, storing database passwords or password hashes in git (at least inside the same repo) is a major design flaw.